MASA – Mobile Application Security Assessment
In a hyperconnected world, there are more than 5 billion mobile phone users interacting with each other using mobile applications. For this reason, it is crucial to ensure that the applications available in the Google Play Store follow the security best practices. To reach this goal the App Defense Alliance (ADA), through authorized labs, verifies if the application is aligned with guidelines based on MASVS Level 1 requirements. This project allows developers to focus on these key points to ensure app safety.
What is MASA?
- Data Storage and privacy requirements
- Cryptography requirements
- Authentication and session management requirements
- Network communication requirements
- Platform interaction requirements
- Code quality and build settings requirements
What is included in Google Play’s data safety section?
- Data collection: is your app transmitting data from your app to a user’s device?
- Data sharing: Is your app transferring user data collected from your app to a third party?
- Data handling: which data your app collects is required/optional?
- Data safety section:
- Encryption in transit: Is data collected or shared by your app using encryption in transit to protect the flow of user data from the end user’s device to the server?
- Deletion request mechanism: Does your app provide a way for users to request deletion of their data?
How does the assessment process work?
- Fill out our form or send an email to firstname.lastname@example.org.
- DEKRA will arrange a meeting to clarify any questions that the customer may have about the assessment process.
- Our Mobile security engineers will perform the evaluation according to the MASA program based on (OWASP-MASSV Level 1 requirements). During this process, our team will be in constant contact with the developers to provide feedback and help to resolve any potential issues.
- Once the assessment has been completed, DEKRA will provide a full report with all the findings found during the assessment.
- DEKRA will notify the report results to Google.
- At this step, you are now eligible to display the Security Badge on your Data safety form. This process usually takes 1 week to be displayed in the Data Safety Label section.